Court Orders Cloudflare to Prevent Access to Pirated Music or Face Fines or Prison

This week visitors to pirate music site DDL-Music were greeted with a rare 'Error 451' message from Cloudflare, indicating that the site had been rendered unavailable due to legal reasons. It now transpires that following legal action by Universal Music, Cloudflare was served with a court injunction , which threatened fines and potential prison time for non-compliance.

Earlier this week, Germany-focused music piracy site DDL-Music.to suddenly became inaccessible to the public. The site had been using the services of Cloudflare but an unusual error message suggested that the US-based company had stepped in disrupt the site’s activities.

‘Error HTTP 451’ is displayed by Cloudflare when a site is “Unavailable For Legal Reasons” and at least as far as pirate sites are concerned, its appearance is very rare indeed. Cloudflare’s documentation indicates that the message should be accompanied by a reason for the response, noting that it “should include an explanation in the response body with details of the legal demand.”

As the image above shows, no explanation was provided by Cloudflare but an investigation by Tarnkappe, details of which were shared with TorrentFreak, now reveals the unusual circumstances behind DDL-Music’s disconnection.

Early June 2019, Universal Music GmbH (Germany) reportedly sent a copyright infringement complaint to Cloudflare after finding links on DDL-Music to tracks from the album Herz Kraft Werke by German singer Sarah Connor. The tracks themselves were not hosted by DDL-Music but could be found on a third-party hosting site. Universal wanted the tracks to be rendered inaccessible within 24 hours but Cloudflare didn’t immediately comply.

Universal Music reportedly followed up with a warning to Cloudflare on June 19, 2019, demanding information about DDL-Music and its operators. A day later, the CDN company responded by declaring that it’s not responsible for its customers’ activities and Universal should deal with the website’s operator and/or webhost. However, Cloudflare did provide Universal with an email address along with details of DDL-Music’s hosting provider, supposedly in Pakistan.

With an obvious dispute underway, a hearing took place at the Cologne District Court (Landgericht Köln) on December 5, 2019. Lars Sobiraj of Tarnkappe, who obtained documentation relating to the hearing, informs TF that the Court ultimately determined that Cloudflare could be held liable for infringement of Universal Music’s copyrights by facilitating access to the tracks via DDL-Music, if it failed to take action.

This “liability as a disturber” (Störerhaftung) comes into play when a service (in this case, Cloudflare) contributes to a third-party’s infringement, without the element of intent. Under German law, however, the service can be held liable for infringement, if it fails to take reasonable action to prevent infringement in future.

On January 30, 2020, the Cologne District Court handed down a preliminary injunction against Cloudflare. This was received at the Hamburg offices of Cloudflare’s law firm TaylorWessig on February 4, 2020. It informed Cloudflare that should it continue to facilitate access to the Universal Music content detailed above, it could be ordered to pay a fine of up to 250,000 euros ($270,000) or, in the alternative, the managing director of Cloudflare could serve up to six months in prison.

In the event, however, Cloudflare appears to have taken the decision to jettison DDL-Music completely, as indicated by the Error 451 message that appeared a few days ago. The district court’s decision can be appealed but whether Cloudflare will take that route is currently unknown. Despite requests from TF for comment, the company has remained silent.

Meanwhile, DDL-Music appears to be migrating to DDoS-Guard, a CDN and DDoS mitigation platform that according to its website is registered in Scotland but is most probably based in Russia. Or the Netherlands, if its Twitter account is to be believed.